POST

The 3.0.3 version of VSFTP seems to have an exploit against it so you should update to 3.0.5. However at the current time that has not been released in Debian upstream so we get to compile it ourselves!

First get and decompress the source

1
2
3

wget https://security.appspot.com/downloads/vsftpd-3.0.5.tar.gz
tar xvf vsftpd-3.0.5.tar.gz
cd vsftpd-3.0.5

Now you're going to need to edit the builddefs.h specifically you want to enable SSL with

1

#define VSF_BUILD_SSL

You may need to install the open ssl headers

1

sudo apt install libssl-dev

Next run a standard make/make install

1
2

make
make install

That should be it. If you're replacing an apt sourced vsftpd then remember to uninstall that and you will have to update the init.d script to point at the new one which is in /usr/local/sbin instead of /usr/sbin. You could also change the install prefix but I like local better.